Questions on kerb 4 vice kerb 5

Henry B. Hotz hotz at jpl.nasa.gov
Mon Nov 19 23:24:30 CET 2001


At 3:24 PM -0500 11/19/01, Ted Anderson wrote:
>On Thu, 15 Nov 2001 12:08:28 -0800 "Henry B. Hotz" <hotz at jpl.nasa.gov> wrote:
>>  As I understand it there are 3 possibly relevant wire protocols:
>>	rx	the native AFS authentication, closely related to k4
>>	k4	supported by the AFS kaserver with a non-standard string-to-key
>>	k5	¿usable? by AFS with non-standard authentication tools
>>  rx and k4 both suffer the same well-known replay vulnerability.
>>  Could I close both of them off with a firewall and still get
>>  everything I need using only k5?
>
>I am not quite sure what you mean by the well-known reply vulnerability,

if it matters:                                      replay, not reply

>but the Rx and K4 authentication (TGT) protocols do have an important
>difference.  The Rx protocol's request requires a timestamp to be
>encrypted with the user's password.  This means that the kaserver can
>reject bogus requests and those more than a few (15?) minutes old.  This
>solves the problem of the K4 protocol in giving out "free" samples of
>ciphertext.
>
>Is this the weakness you mean?

Kind of sounds like it -- except I thought that the problem was that 
k4 had timestamps, but the server allowed around 5-15 minutes of slop 
(because people were generally sloppy about setting clocks back then 
and NTP wasn't developed yet).  There was plenty of time for an 
attack robot to capture and replay the requesting packets and get its 
own ticket/token.

In other words your description of rx matches my memory of the k4 problem.


Since I guess I've exhausted the store of free technical advice on 
the subject can I ask people for a reference to the rx protocol so I 
can conceivably figure this out for myself?

Thanks all.
-- 
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu
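
A toy model of the timestamp check discussed in this thread, added here as an example and not taken from Rx, Kerberos 4 or either poster: HMAC-SHA256 stands in for encryption under the user's key, and `make_request`, `Server` and the 15-minute `MAX_SKEW` are assumptions. It shows that a skew window alone still accepts a captured request resent inside the window, and that a replay cache covering the window rejects it.

```python
import hashlib
import hmac
import struct

MAX_SKEW = 15 * 60  # seconds; assumed value, the thread mentions 5-15 minutes


def make_request(user_key: bytes, user: str, now: int) -> bytes:
    """Client side: user name + 8-byte timestamp, authenticated with the user's key."""
    body = user.encode() + struct.pack(">Q", now)
    return body + hmac.new(user_key, body, hashlib.sha256).digest()


class Server:
    def __init__(self, keys: dict, replay_cache: bool = False):
        self.keys = keys
        # authenticator tag -> timestamp, kept only while the timestamp is in the window
        self.seen = {} if replay_cache else None

    def accept(self, request: bytes, now: int) -> str:
        if len(request) < 8 + 32:
            return "reject: malformed"
        body, tag = request[:-32], request[-32:]
        user = body[:-8].decode(errors="replace")
        (ts,) = struct.unpack(">Q", body[-8:])
        key = self.keys.get(user)
        expected = hmac.new(key or b"", body, hashlib.sha256).digest()
        if key is None or not hmac.compare_digest(tag, expected):
            return "reject: bad authenticator"   # request not made with the user's key
        if abs(now - ts) > MAX_SKEW:
            return "reject: outside skew window"  # stale (or far-future) timestamp
        if self.seen is not None:
            # Entries older than the window can be dropped: the skew check
            # above already rejects them, so the cache stays bounded.
            self.seen = {t: s for t, s in self.seen.items() if s >= now - MAX_SKEW}
            if tag in self.seen:
                return "reject: replay"
            self.seen[tag] = ts
        return "accept"


def demo() -> dict:
    keys = {"alice": b"constructed-demo-key"}  # constructed sample data
    t0 = 1_000_000
    captured = make_request(keys["alice"], "alice", t0)
    plain, cached = Server(keys), Server(keys, replay_cache=True)
    return {
        "first": plain.accept(captured, t0),
        "replay_no_cache": plain.accept(captured, t0 + 300),
        "replay_after_window": plain.accept(captured, t0 + MAX_SKEW + 1),
        "replay_with_cache": (cached.accept(captured, t0), cached.accept(captured, t0 + 300)),
    }
```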





More information about the Arla-drinkers mailing list